Issue 810630 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 810561
Owner:	----
Closed:	Feb 2018
Cc:	█ brajkumar@chromium.org style-bugs@google.com
Components:	Blink>CSS
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-ThreadSanitizer Clusterfuzz Test-Predator-Wrong M-66 CF-NeedsTriage Test-Predator-Auto-Components

Null-dereference READ in blink::CachedMatchedProperties::Clear

Project Member Reported by ClusterFuzz, Feb 9 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5035030192324608

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  blink::CachedMatchedProperties::Clear
  blink::MatchedPropertiesCache::Clear
  blink::StyleResolver::InvalidateMatchedPropertiesCache
  
Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=535301:535306

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5035030192324608

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Project Member

Comment 1 by ClusterFuzz, Feb 9 2018

Components: Blink>CSS Blink>Internals>WTF
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by yutak@chromium.org, Feb 9 2018

Components: -Blink>Internals>WTF

Comment 3 by brajkumar@chromium.org, Feb 9 2018

Cc: brajkumar@chromium.org
Labels: M-66 Test-Predator-Wrong CF-NeedsTriage

Unable to find actual suspect through code search and also from the provided CL under regression range, hence adding appropriate label and leaving it as untriaged for further updates.

Thanks!

Comment 4 by nainar@chromium.org, Feb 9 2018

Mergedinto: 810561
Status: Duplicate (was: Untriaged)

Project Member

Comment 5 by ClusterFuzz, Feb 10 2018

ClusterFuzz has detected this issue as fixed in range 535924:535929.

Detailed report: https://clusterfuzz.com/testcase?key=5035030192324608

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  blink::CachedMatchedProperties::Clear
  blink::MatchedPropertiesCache::Clear
  blink::StyleResolver::InvalidateMatchedPropertiesCache
  
Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=535301:535306
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=535924:535929

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5035030192324608

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 810630 link

Issue metadata

Null-dereference READ in blink::CachedMatchedProperties::Clear

Issue description

Comment 1 by ClusterFuzz, Feb 9 2018

Comment 1 Deleted

Comment 2 by yutak@chromium.org, Feb 9 2018

Comment 2 Deleted

Comment 3 by brajkumar@chromium.org, Feb 9 2018

Comment 3 Deleted

Comment 4 by nainar@chromium.org, Feb 9 2018

Comment 4 Deleted

Comment 5 by ClusterFuzz, Feb 10 2018

Comment 5 Deleted

Sign in to add a comment